{ "cells": [ { "cell_type": "markdown", "metadata": { "button": false, "new_sheet": false, "run_control": { "read_only": false }, "slideshow": { "slide_type": "slide" } }, "source": [ "# Fuzzingbook Release Notes" ] }, { "cell_type": "markdown", "metadata": { "slideshow": { "slide_type": "fragment" } }, "source": [ "This book and its code use numbered versioning. The version numbers correspond to the version numbers in [the Python pip package](Importing.ipynb)." ] }, { "attachments": {}, "cell_type": "markdown", "metadata": { "slideshow": { "slide_type": "slide" } }, "source": [ "## Current Version (in progress)\n", "\n", "This is the version we are preparing for the next release (e.g. what you get when you check out the latest version from [the GitHub repo](__GITHUB_HTML__)).\n", "Major changes will show up here as we make them.\n", "\n", "* Updates to `requirements.txt`, using the latest and greatest third-party modules\n", "* Python 3.9 is no longer supported.\n", "* In notebooks under Python 3.12, automatic garbage collection would cause a method `_clean_thread_parent_frames()` to be executed with certain functions, interfering with tracing and dynamic analysis. This is now disabled." ] }, { "cell_type": "markdown", "metadata": { "slideshow": { "slide_type": "slide" } }, "source": [ "## Version 1.2.2 (released 2024-11-10)\n", "\n", "* Adapted the code to work with Python 3.13:\n", " - Work around an error in the `showast` module\n", " - Extended the [chapter on Compiler Testing](PythonFuzzer.ipynb) to work with Python 3.13 and later\n", " - Added automatic Python 3.13 tests into our workflow\n", "* Fix: Outputting code coverage using the `Coverage` class would prefix _covered_ code with `#`, rather than _uncovered_ code as should be. This has been fixed.\n", "* Lots of additional typos fixed, [thanks to Sergey Bronnikov](https://github.com/uds-se/fuzzingbook/pull/181)." ] }, { "cell_type": "markdown", "metadata": { "slideshow": { "slide_type": "slide" } }, "source": [ "## Version 1.2.1 (released 2023-11-13)\n", "\n", "* Importing book classes from third-party code would accidentally set a fixed random seed, making all further random decisions deterministic (i.e. produce the same result every time). This is now fixed.\n", "* Minor updates to Python package requirements." ] }, { "cell_type": "markdown", "metadata": { "slideshow": { "slide_type": "slide" } }, "source": [ "## Version 1.2 (released 2023-10-23)\n", "\n", "* For announcements, we now use Mastodon ([@TheFuzzingBook@mastodon.social](https://mastodon.social/@TheFuzzingBook)) instead of X. Follow us on Mastodon!\n", "* We have a [new chapter on Fuzzing with Constraints](FuzzingWithConstraints.ipynb) in which we introduce the ISLa constraint language / fuzzer / parser.\n", "* We have a [new chapter on Compiler Testing](PythonFuzzer.ipynb) in which we use grammars to generate, parse, and evolve Python code.\n", "* We now regularly test our code on various Python versions.\n", " * Python 3.12: all chapters work, except for [Symbolic Fuzzing](SymbolicFuzzer.ipynb).\n", " * Python 3.11: all chapters work.\n", " * Python 3.10: all chapters work.\n", " * Python 3.9: all chapters work, except for the two new chapters listed above. (ISLa needs 3.10 or later.)\n", "\n", " For development, we recommend Python 3.10 or 3.11.\n", "* We fixed several typos throughout the book, using the awesome [LTeX](https://github.com/valentjn/vscode-ltex) grammar/spell checker\n", "* `ProbabilisticGrammarMiner` now properly handles empty expansions ([Issue #154](https://github.com/uds-se/fuzzingbook/pull/154)) - thanks to [Martin Eberlein](https://github.com/martineberlein)!\n", "* The [chapter on Fuzzing](Fuzzer.ipynb) now has a more detailed computation of the probability of deleting your home directory. Thanks to [mhamami-abuomar](https://github.com/mhamami-abuomar)!\n", "* We no longer support `fuzzingbook` DockerHub images." ] }, { "cell_type": "markdown", "metadata": { "slideshow": { "slide_type": "slide" }, "tags": [] }, "source": [ "## Version 1.1 (released 2022-05-18)\n", "\n", "Changes since 1.0:\n", "\n", "* The book has lots of new material (videos, quizzes).\n", "* The code now has static type annotations (and is type checked).\n", "* Requirements and install procedures have been reworked.\n", "* Apart from code fixes, code semantics stays unchanged." ] }, { "cell_type": "markdown", "metadata": { "slideshow": { "slide_type": "subslide" } }, "source": [ "Changes and fixes since 1.0.7:\n", "\n", "* All videos are re-cut – thanks to Aman Roy!\n", "* `Fuzzer.runs()` now returns a list _comprehension_ instead of a list (Issue [#106](https://github.com/uds-se/fuzzingbook/pull/106))\n", "* Code using `selenium` has been updated to the latest version.\n", "* Fixed a problem in `FasterGrammarFuzzer` (Issue [#130](https://github.com/uds-se/fuzzingbook/pull/130)) - thanks to [CuriousGeorgiy](https://github.com/CuriousGeorgiy)!" ] }, { "cell_type": "markdown", "metadata": { "slideshow": { "slide_type": "slide" } }, "source": [ "## Version 1.0.7 (released 2022-01-25)\n", "\n", "* The `WebFuzzer` constructor now allows using a subclass of `HTMLGrammarMiner`.\n", "* The `GUIFuzzer` constructor now allows using a subclass of `GUIGrammarMiner`.\n", "* Class diagrams are now simplified, as we skip non-public methods defined in other chapters." ] }, { "cell_type": "markdown", "metadata": { "slideshow": { "slide_type": "slide" } }, "source": [ "## Version 1.0.6 (released 2022-01-18)\n", "\n", "* Fixed a major performance bug in grammar fuzzing (Issue [#117](https://github.com/uds-se/fuzzingbook/pull/117))\n", "* We now work with recent versions of `z3-solver` (Issue [#115](https://github.com/uds-se/fuzzingbook/issues/115))\n", "* In the [chapter on configuration fuzzing](ConfigurationFuzzer.ipynb), the `OptionGrammarMiner` will now capture args from external Python scripts that are protected by `if __name__ == '__main__'`\n", "* Various minor fixes and documentation improvements" ] }, { "cell_type": "markdown", "metadata": { "slideshow": { "slide_type": "slide" } }, "source": [ "## Version 1.0.5 (released 2022-01-10)\n", "\n", "* This release increases compatibility with various Z3 versions for [concolic fuzzing](ConcolicFuzzer.ipynb).\n", "* In the [chapter on symbolic fuzzing](SymbolicFuzzer.ipynb), the `AdvancedSymbolicFuzzer` is now named `SymbolicFuzzer` plain and simple. (`AdvancedSymbolicFuzzer` still works as an alias)." ] }, { "cell_type": "markdown", "metadata": { "slideshow": { "slide_type": "slide" } }, "source": [ "## Version 1.0.4 (released 2022-01-04)\n", "\n", "Happy new year!\n", "* This release fixes some bugs in the [chapter on concolic fuzzing](ConcolicFuzzer.ipynb), notably in the `ConcolicTracer.zeval()` method.\n" ] }, { "cell_type": "markdown", "metadata": { "slideshow": { "slide_type": "slide" } }, "source": [ "## Version 1.0.3 (released 2021-12-14)\n", "\n", "* On Unix, the [`ExpectTimeout`](ExpectError.ipynb) class is now much more performant\n", "* The chapter on [greybox fuzzing with grammars](GreyboxGrammarFuzzer.ipynb) should now run on Windows, too" ] }, { "cell_type": "markdown", "metadata": { "slideshow": { "slide_type": "slide" } }, "source": [ "## Version 1.0.2 (released 2021-12-08)\n", "\n", "* Minor fixes in the `AFLGoSchedule` and `AFLFastSchedule` classes in the [chapter on greybox fuzzing](GreyboxFuzzer.ipynb).\n", "* Minor fixes across the board." ] }, { "cell_type": "markdown", "metadata": { "slideshow": { "slide_type": "slide" } }, "source": [ "## Version 1.0.1 (released 2021-11-23)\n", "\n", "* The code now passes `mypy` static type checks.\n", "* The `Coverage` class now supports `function_names()` and `__repr__()` methods. Its `__exit__()` method is no longer included in coverage.\n", "* Minor fixes across the board." ] }, { "cell_type": "markdown", "metadata": { "slideshow": { "slide_type": "slide" } }, "source": [ "## Version 1.0 (released 2021-11-04)\n", "\n", "* We now support (but also require) **Python 3.9 or later**. Earlier versions still required Python 3.6 due to some outdated modules such as `astor` and `enforce` we depended upon (and now don't anymore).\n", "* We added missing dependencies to the `fuzzingbook` pip package ([Issue #44](https://github.com/uds-se/debuggingbook/issues/44) in `debuggingbook`) such that `pip install fuzzingbook` also installs all the packages it depends upon. Thanks to @TheSilvus for reporting this!\n", "* We fixed a warning '.gitignore is a symbolic link' during git checkout ([Issue #43](https://github.com/uds-se/debuggingbook/issues/43)) Thanks to @rjc for reporting this!\n", "* We identified some chapters that were using `numpy.random` rather than Python `random`, resulting in, well, random results every time we'd build the book. This is now fixed, and more consistent.\n", "* Under the hood, we have adopted several more improvements from our sister project [\"The Debugging Book\"](https://www.debuggingbook.org). Notably, the build process is much streamlined, and we run [continuous integration tests](https://github.com/uds-se/fuzzingbook/actions) to ensure quality of changes and pull requests." ] }, { "cell_type": "markdown", "metadata": { "slideshow": { "slide_type": "slide" } }, "source": [ "## Version 0.9.5 (released 2021-06-08)\n", "\n", "* Lots of minor fixes in HTML generation, adopting new tools and tests from [\"The Debugging Book\"](https://www.debuggingbook.org).\n", "* Code functionality should be unchanged.\n", "* The `bookutils` module is now shared with the `debuggingbook` project; some (hopefully neutral) fixes.\n", "* Several typos and other minor fixes throughout the book." ] }, { "cell_type": "markdown", "metadata": { "slideshow": { "slide_type": "slide" } }, "source": [ "## Version 0.9.0\n", "\n", "* In the Web version, some not-so-critical details (typically, long implementations and logs) are only shown on demand. This is still work in progress.\n", "* The `fuzzingbook_utils` module used by notebooks is now renamed to `bookutils`. Code and notebooks using `fuzzingbook_utils` may still work, but will issue a deprecation warning.\n", "* Several minor fixes to functionality in [Parsing and Recombining Inputs](Parser.ipynb), [Concolic Fuzzing](ConcolicFuzzer.ipynb), [Symbolic Fuzzing](SymbolicFuzzer.ipynb)\n", "* Better style when printing from browser (colored text, smaller fonts)\n", "* Avoid tracking in YouTube videos\n", "* Several typos and other minor fixes throughout the book" ] }, { "cell_type": "markdown", "metadata": { "slideshow": { "slide_type": "slide" } }, "source": [ "## Version 0.8.0 (released 2019-05-21)\n", "\n", "First numbered fuzzingbook release.\n", "\n", "* Includes [Python pip package](Importing.ipynb).\n", "* Includes _Synopsis_ sections at the beginning of each chapter, highlighting their usage in own code.\n", "* Describes [Tours through the Book](Tours.ipynb)." ] }, { "cell_type": "markdown", "metadata": { "slideshow": { "slide_type": "slide" } }, "source": [ "## Chapter Releases\n", "\n", "Before switching to numbered releases, new chapters were coming out every Tuesday.\n", "\n", "1. [Introduction to Software Testing](Intro_Testing.ipynb) – 2018-10-30\n", "1. [Fuzzing: Breaking Things with Random Inputs](Fuzzer.ipynb) – 2018-10-30\n", "1. [Getting Coverage](Coverage.ipynb) – 2018-11-06\n", "1. [Mutation-Based Fuzzing](MutationFuzzer.ipynb) – 2018-11-06\n", "1. [Fuzzing with Grammars](Grammars.ipynb) – 2018-11-13\n", "1. [Efficient Grammar Fuzzing](GrammarFuzzer.ipynb) – 2018-11-20\n", "1. [Grammar Coverage](GrammarCoverageFuzzer.ipynb) – 2018-11-27\n", "1. [Testing Configurations](ConfigurationFuzzer.ipynb) – 2018-12-04\n", "1. [Parsing and Recombining Inputs](Parser.ipynb) – 2018-12-11\n", "1. [Probabilistic Grammar Fuzzing](ProbabilisticGrammarFuzzer.ipynb) – 2018-12-18\n", "1. [Fuzzing with Generators](GeneratorGrammarFuzzer.ipynb) – 2019-01-08\n", "1. [Fuzzing APIs](APIFuzzer.ipynb) – 2019-01-15\n", "1. [Carving Unit Tests](Carver.ipynb) – 2019-01-22\n", "1. [Reducing Failure-Inducing Inputs](Reducer.ipynb) – 2019-01-29\n", "1. [Web Testing](WebFuzzer.ipynb) – 2019-02-05\n", "1. [GUI Testing](GUIFuzzer.ipynb) – 2019-02-12\n", "1. [Mining Input Grammars](GrammarMiner.ipynb) – 2019-02-19\n", "1. [Tracking Information Flow](InformationFlow.ipynb) – 2019-03-05\n", "1. [Concolic Fuzzing](ConcolicFuzzer.ipynb) – 2019-03-12\n", "1. [Symbolic Fuzzing](SymbolicFuzzer.ipynb) – 2019-03-19\n", "1. [Mining Function Specifications](DynamicInvariants) – 2019-03-26\n", "1. [Search-Based Fuzzing](SearchBasedFuzzer.ipynb) – 2019-04-02\n", "1. [Evaluating Test Effectiveness with Mutation Analysis](MutationAnalysis.ipynb) – 2019-04-09\n", "1. [Greybox Fuzzing](GreyboxFuzzer.ipynb) – 2019-04-16\n", "1. [Greybox Fuzzing with Grammars](GreyboxGrammarFuzzer.ipynb) – 2019-04-30\n", "1. [Fuzzing in the Large](FuzzingInTheLarge.ipynb) – 2019-05-07\n", "1. [When to Stop Fuzzing](WhenToStopFuzzing.ipynb) – 2019-05-14\n", "1. [Tours through the Book](Tours.ipynb) - 2019-05-21\n", "\n", "After all chapters were out, we switched to a release-based schedule, with numbered minor and major releases coming out when they are ready." ] } ], "metadata": { "ipub": { "bibliography": "fuzzingbook.bib", "toc": true }, "kernelspec": { "display_name": "3.10.2", "language": "python", "name": "python3" }, "language_info": { "codemirror_mode": { "name": "ipython", "version": 3 }, "file_extension": ".py", "mimetype": "text/x-python", "name": "python", "nbconvert_exporter": "python", "pygments_lexer": "ipython3", "version": "3.11.11" }, "toc": { "base_numbering": 1, "nav_menu": {}, "number_sections": true, "sideBar": true, "skip_h1_title": true, "title_cell": "", "title_sidebar": "Contents", "toc_cell": false, "toc_position": {}, "toc_section_display": true, "toc_window_display": true }, "toc-autonumbering": false }, "nbformat": 4, "nbformat_minor": 4 }